ET EXPLOIT Possible EXIM DoS (CVE-2019-16928)

SID: 2028636Rev: 30 viewsHistory

Sourceet/open

CreatedSeptember 30, 2019

UpdatedOctober 1, 2019

Classificationattempted-admin

alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible EXIM DoS (CVE-2019-16928)"; flow:established,to_server; content:"EHLO "; depth:5; isdataat:5000,relative; content:!"|0a|"; within:500; reference:cve,2019-16928; reference:url,bugs.exim.org/show_bug.cgi?id=2449; reference:url,git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f; classtype:attempted-admin; sid:2028636; rev:3; metadata:attack_target SMTP_Server, created_at 2019_09_30, cve CVE_2019_16928, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Critical, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_10_01;)

References

cve	2019-16928
url	bugs.exim.org/show_bug.cgi?id=2449
url	git.exim.org/exim.git/patch/478effbfd9c3cc5a627fc671d4bf94d13670d65f

Metadata

attack targetSMTP_Server

created at2019_09_30

cveCVE-2019-16928

deploymentInternal

confidenceMedium

signature severityCritical

tagDescription_Generated_By_Proofpoint_Nexus

updated at2019_10_01

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!